Date:      Mon, 11 Dec 2017 11:34:45 -0800 (PST)
From:      Roger Marquis <marquis@roble.com>
To:        Karl Denninger <karl@denninger.net>
Cc:        freebsd-security@freebsd.org
Subject:   Re: http subversion URLs should be discontinued in favor of https URLs
Message-ID:  <nycvar.OFS.7.76.1712111123460.79239@mx.roble.com>
In-Reply-To: <63cb70da-4e6f-af20-af3a-9741afaf03b9@denninger.net>
References:  <8788fb0d-4ee9-968a-1e33-e3bd84ffb892@heuristicsystems.com.au> <20171205220849.GH9701@gmail.com> <24153.1512513836@critter.freebsd.dk> <1C30FE91-753A-47A4-9B33-481184F853E1@tetlows.org> <867etyzlad.fsf@desk.des.no> <1291.1512658230@critter.freebsd.dk> <2a8d9a0a-7a64-2dde-4e53-77ee52632846@tjvarghese.com> <CAC0r6X94N4Dv=droSC=B8ri-sH2eb9gJgdvpVqwPt0pSenXfog@mail.gmail.com> <slrnp2t7rl.nqg.naddy@lorvorc.mips.inka.de> <632cd44e-2072-8abf-ef3c-86701881e723@whitewinterwolf.com> <20171211180839.ycc7es5ekstq44gn@localhost> <63cb70da-4e6f-af20-af3a-9741afaf03b9@denninger.net>

Karl Denninger wrote:
> Advocating the FORCING of https is IMHO utterly ridiculous for the
> reasons I pointed out.

This is an important point.  Given the differences of opinion noted here
there is no good reason not to allow sites to sync over the protocol of
their choosing.  Of course signed datasets would be excellent, as would
verifiable builds, but (also IMO) not good enough to justify forcing of
non-encrypted updates.

> The issue of potentially-tampered-with source code not only can't be dealt
> with correctly through the use of https (at least not with the public CA
> infrastructure that "everyone" relies on for "pedestrian" https) there ARE
> other means of dealing with it correctly that do not require using https.
> That's where attention should be focused.

Would have to disagree with this assertion, at least until it can be
demonstrated that an alternative signature presharing mechanism would be
more secure (than the CA maintained by EFF/LetsEncrypt at least).

IMO,
Roger Marquis
